I currently have a closer look on CERTs ADIA:
http://www.cert.org/forensics/tools/ scroll down to ADIA
ADIA used to have the latest software installed and get regulary updates.
With CERTs ADIA you can also read bitlocker encrypted devices:
sudo su
yum install libbde
yum install libbde-tools
This enables ADIA to read from bitlocker drive encryption (bde). The version from 20130422 will be installed. There's also a version from 20130626:
https://googledrive.com/host/0B3fBvzttpiiSX2VCRk16TnpDd0U/
General libbde info:
http://code.google.com/p/libbde/
Mounting bitlocker devices:
http://code.google.com/p/libbde/wiki/Mounting
/edit
Seems to be that libbde/ libbde-tools only works with drive images and not partition raw files - still with version 20130626.
Looks the same like here: https://code.google.com/p/libbde/issues/detail?id=1&can=1 with Win 7 raw partition images.
/edit2
Compiled again libbde 20130626 with verbose output enabled and tried again. I can decrypt a raw partition. Maybe I made yesterday an error. Also bdeinfo shows up the correct encryption info.
↧